# Aguara

> Open-source static security scanner for AI agent skills and MCP servers. 148+ detection rules across 13 categories. Scans skill files, tool schemas, and server configurations for prompt injection, credential exfiltration, supply chain attacks, and more. 100% local, zero dependencies, SARIF output.

## Core Capabilities

- [Security Scanner](https://aguarascan.com/): Static analysis of AI agent skills and MCP server configurations — 148+ rules, 13 threat categories, 3 detection layers (pattern matching, NLP analysis, taint tracking)
- [Auto-Discovery](https://aguarascan.com/blog/how-i-built-semgrep-for-ai-agents/): Automatically discovers and scans MCP server configurations from Claude Desktop, Cursor, Windsurf, and other MCP clients
- [Aguara Watch Observatory](https://aguarascan.com/blog/the-security-flywheel/): Continuous crawling and scanning of 42,655+ skills across 7 registries — live threat intelligence for the MCP ecosystem
- [MCP Server](https://aguarascan.com/): Native MCP tool that gives AI agents direct access to scan, lookup, and threat intelligence capabilities
- [CI/CD Integration](https://aguarascan.com/): SARIF output for GitHub Code Scanning, GitLab SAST, and CI pipeline integration

## Installation

```
go install github.com/aguarascan/aguara@latest
```

## Blog Posts

- [Aguara v0.4.0, MCP v0.3.0 & Watch Expansion — Coordinated Release](https://aguarascan.com/blog/v0-4-0-coordinated-release/)
- [Securing Your OpenClaw Setup: 7 Checks + Automated Scanning](https://aguarascan.com/blog/securing-openclaw-setup/)
- [Kali Linux + Claude Desktop: When Offensive Security Meets MCP](https://aguarascan.com/blog/kali-claude-desktop-mcp-security/)
- [NIST Asks How to Secure AI Agents. We Already Have Answers.](https://aguarascan.com/blog/nist-ai-agent-identity-authorization/)
- [The Security Flywheel: How Scanner, Observatory, and MCP Server Compound](https://aguarascan.com/blog/the-security-flywheel/)
- [Docker Sandboxes Are Not Enough](https://aguarascan.com/blog/docker-sandboxes-are-not-enough/)
- [Your AI Agent Config is a Security Liability](https://aguarascan.com/blog/ai-agent-config-security-liability/)
- [OWASP Agentic Top 10 Mapped to Aguara Detection Rules](https://aguarascan.com/blog/owasp-agentic-top-10-mapped-to-detection-rules/)
- [MCP Tool Poisoning: Beyond Descriptions](https://aguarascan.com/blog/mcp-tool-poisoning-beyond-descriptions/)
- [From SKILL.md to Shell: A Security Audit Guide](https://aguarascan.com/blog/skill-md-security-audit-guide/)
- [npx -y Considered Harmful: Supply Chain Risks in MCP Server Configurations](https://aguarascan.com/blog/npx-y-considered-harmful/)
- [We Scanned 28,000 AI Agent Skills for Security Threats](https://aguarascan.com/blog/we-scanned-28000-ai-agent-skills/)
- [How I Built a Semgrep-Like Scanner for AI Agent Skills](https://aguarascan.com/blog/how-i-built-semgrep-for-ai-agents/)

## Optional

- [Oktsec](https://oktsec.com/): Security layer for AI agent-to-agent communication — MCP Gateway, cryptographic identity, and runtime policy enforcement, powered by the Aguara detection engine
- [Oktsec LLM Context](https://oktsec.com/llms.txt): Full product context for Oktsec
- [GitHub](https://github.com/aguarascan/aguara)